Categories: Network

Network security best practices for the holiday season

It’s that time of year when people in many parts of the world are looking forward to spending time with family and friends and taking a bit of a break. It is also when adversaries switch into high gear, looking to take advantage of the fact that many networks are less used and less closely watched over the holiday period. Ransomware attacks, to give just one example, typically increase at this time of year.

With that in mind, here are some quick and easy best practices to better protect your network while you take some well-deserved time out.

1. Shut down unneeded systems

This is especially important for any system that exposes RDP, since RDP is routinely used by adversaries both as an initial entry point and as a tool to move laterally within a network. The same advice applies to IoT devices. If they aren’t needed, shut them down for the holidays. If you really must keep some systems reachable over RDP, double-check and then triple-check their security: no direct exposure to the internet, Network Level Authentication enabled, account lockout in place, and access limited to the accounts and source networks that actually need it.

If you haven’t already, consider ZTNA to secure access to your RDP systems and other applications. In fact, the holidays may be the ideal time to start a Sophos ZTNA free trial for you and your team. At the very least, make sure any RDP access is protected with multi-factor authentication, so that brute-forced or stolen credentials alone are not enough to compromise a host.
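The credential-guessing scenario just described, as an added example (not code from Sophos or from this article): a small Python check that runs over Windows Security logon events and flags a source address that fails RDP logons repeatedly and then succeeds, which is what a guessed or stolen password looks like in the log. The event records, the failure threshold and the time window below are constructed assumptions; in practice you would feed it 4624/4625 events exported from the event log or a SIEM.

```python
"""Detect RDP password guessing that ends in a successful logon, using Windows
Security events: 4625 = failed logon, 4624 = successful logon, logon type 10 =
RemoteInteractive (RDP). Added example for this article, not Sophos code.
The events below are constructed to illustrate the pattern."""

from collections import defaultdict

# Constructed sample: a burst of failures from one internet address followed by a
# success, a couple of stray failures from another address, and a local console logon.
SAMPLE_EVENTS = [
    {"ts": 0,  "id": 4625, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 10, "id": 4625, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 20, "id": 4625, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 30, "id": 4625, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 40, "id": 4625, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 50, "id": 4625, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 60, "id": 4624, "logon_type": 10, "user": "admin",  "src": "203.0.113.7"},
    {"ts": 15, "id": 4625, "logon_type": 10, "user": "jsmith", "src": "198.51.100.9"},
    {"ts": 25, "id": 4625, "logon_type": 10, "user": "jsmith", "src": "198.51.100.9"},
    {"ts": 70, "id": 4624, "logon_type": 2,  "user": "jsmith", "src": "-"},
]

FAIL_THRESHOLD = 5    # failures from one source inside the window that count as guessing (assumed)
WINDOW_SECONDS = 300  # sliding window; tune it to your lockout policy (assumed)


def detect_rdp_bruteforce(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Return one finding per source address that crossed the failure threshold.

    A finding is escalated to "high" when the same source later logs on
    successfully over RDP: the signature of a guessed or stolen credential."""
    # Only RemoteInteractive logons matter here; process them in time order.
    rdp = sorted((e for e in events if e["logon_type"] == 10), key=lambda e: e["ts"])
    recent_failures = defaultdict(list)   # src -> failure timestamps still inside the window
    findings = {}
    for e in rdp:
        src = e["src"]
        if e["id"] == 4625:
            # Drop failures that fell out of the sliding window, then add this one.
            recent = [t for t in recent_failures[src] if e["ts"] - t <= window]
            recent.append(e["ts"])
            recent_failures[src] = recent
            if len(recent) >= threshold:
                f = findings.setdefault(src, {"src": src, "failures": 0,
                                              "success_user": None, "severity": "medium"})
                f["failures"] = max(f["failures"], len(recent))
        elif e["id"] == 4624 and src in findings:
            # Success after a burst of failures from the same source: treat as compromise.
            findings[src]["success_user"] = e["user"]
            findings[src]["severity"] = "high"
    return list(findings.values())


if __name__ == "__main__":
    for f in detect_rdp_bruteforce(SAMPLE_EVENTS):
        tail = f", then logged on as {f['success_user']}" if f["success_user"] else ""
        print(f"{f['severity'].upper()}: {f['src']} had {f['failures']} RDP failures{tail}")
```

On the constructed sample the check reports a single high-severity finding for 203.0.113.7; the two failures from 198.51.100.9 stay below the threshold and the console logon is ignored. With MFA in front of RDP the final 4624 should never follow the burst, which is exactly why the article asks for it.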

2. Update firewall and network infrastructure firmware

If you have a Sophos Firewall, we recently released v19.5 which includes a number of security enhancements, performance improvements, and new features such as:

  • Xstream FastPath TLS encrypted traffic inspection
  • SD-WAN load balancing
  • VPN performance improvements
  • High Availability enhancements
  • New Azure AD integration for secure login
  • And much more!

Regardless of your preferred vendor, make sure your firewall and other network infrastructure, such as VPN concentrators and switches, are all running the latest release, as updates often contain important fixes for known vulnerabilities.

3. Call on Sophos Rapid Response if you experience an attack

If you experience an emergency incident over the holidays (or anytime), you can engage our fixed-fee Sophos Rapid Response service. Our team of expert incident responders will help you triage, contain, and eliminate active threats, and remove all traces of the attackers from your network. Whether it is an infection, compromise, or unauthorized access attempting to circumvent your security controls, we have seen and stopped it all. Sophos Rapid Response is available 24/7/365, including over the holiday period.

Categories: Network

How zero trust access protects your data

The pandemic created a tectonic shift in the way most organizations operate, with many employees forced to work from home.

This revealed many benefits for both employers and employees, and has turned remote working and hybrid workplaces into a productive and sustainable way of operating.

This new normal, with a multitude of branch offices of one person, has also created some additional challenges and exposed many issues with remote access VPN.

The time is right for ZTNA

Fortunately, zero-trust network access, or ZTNA, has matured at just the right time.

ZTNA lets remote workers access the applications, data, and systems they need without the access control getting in their way, while addressing the major shortcomings of remote-access VPN: scalability, management, performance, and, most importantly, security.

Security first

Data security and privacy are critically important and, justifiably, regulated in most jurisdictions: GDPR in Europe, the Data Protection Act 2018 in the UK, the CCPA in California, PIPEDA in Canada, and the Privacy Act in Australia, to name just a few.

Some authorities, such as Germany’s Federal Office for Information Security (BSI) and the United States federal government, have taken data protection a step further by mandating state-of-the-art cybersecurity standards, including zero trust architectures, for the organizations they oversee.

ZTNA versus VPN

Naturally, no organization can afford a data breach, but many are at a loss as to how best to protect against one. Where remote workers are involved, ZTNA is an essential first step, as it offers several benefits over VPN:

  • Unlike VPN, ZTNA grants no implicit trust and no broad access to the internal network. It works the other way round: users can reach only the specific resources they are authorized for, and everything else is blocked. The remote device is never “on the network,” so lateral movement from a compromised remote device is largely eliminated.
  • ZTNA can work clientless or be integrated with an endpoint protection agent, improving end-user security and removing the attack surface of outdated VPN client software.
  • ZTNA makes your hosted applications invisible to the outside world, dramatically reducing your attack surface.
  • ZTNA greatly reduces the value of stolen credentials as a point of entry, because multi-factor authentication is an integral part of the solution and a password alone is not enough to gain access.

And the best part is, ZTNA is much easier to scale and manage than remote-access VPN solutions.

Categories: Security

Ransomware: Best Practices for Securing Your Network

66% of organizations were hit by ransomware last year*, demonstrating that adversaries have become considerably more capable of executing attacks at scale than ever before.

Modern attacks leverage legitimate IT tools such as Remote Desktop Protocol (RDP) to gain access to networks, making initial detection notoriously difficult. The root of the problem is the implicit trust placed in the use of these tools, which has repeatedly proven unwise.

Implementing robust network security measures is the most reliable way to mitigate this risk. In our new whitepaper, Best Practices for Securing Your Network from Ransomware, and in this article, we share practical network security tips to help elevate your ransomware protection.

1. Micro-segment your network
Micro-segmentation limits the lateral movement of threats. One way to achieve it is to create small zones or VLANs, connect them via managed switches and a firewall, and apply anti-malware and IPS inspection to the traffic that crosses between segments. This lets you identify and block threats attempting to move laterally across your network.

2. Replace remote-access VPN with a Zero Trust Network Access solution (ZTNA)
ZTNA is the modern replacement for remote-access VPN. It eliminates the inherent trust and broad access that VPN provides, instead using the principles of Zero Trust: trust nothing, verify everything. To learn more about the benefits of ZTNA over VPN, read our article here.

3. Implement the strongest possible protection
Always deploy the highest level of protection on your firewall, endpoints, servers, mobile devices, and remote access tools. In particular:

  • Ensure your firewall has TLS 1.3 inspection, next-gen IPS, and streaming DPI with machine learning and sandboxing for protection from the latest zero-day threats
  • Ensure your endpoints have modern next-gen protection capabilities to guard against credential theft, exploits, and ransomware
4. Reduce the surface area of cyberattacks
We recommend that you review your firewall rules and eliminate any remote access or RDP system access through VPN, NAT, or port-forwarding, and ensure that any remaining traffic flows are properly protected. Eliminating exposure from remote access goes a long way toward reducing the number of inroads attackers can use to launch ransomware attacks.
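As an added example for items 1 and 4 (not Sophos code, and not any real firewall’s rule syntax): a Python linter over a generic, constructed rule format that flags remote-access services (RDP, SSH, SMB and similar) reachable from the WAN or from a flat VPN zone, any/any rules between zones that defeat segmentation, and, when the default action is allow rather than deny, zone pairs with no explicit rule. The rule fields, zone names and sample policy are assumptions for illustration; to use it for real you would export your firewall’s NAT and zone rules into the same shape.

```python
"""Lint a firewall policy for the two problems the article calls out: remote-access
services reachable from outside (RDP exposed via NAT, port-forward or a flat VPN) and
over-broad rules that let traffic cross zone boundaries unchecked. Added example, not
Sophos code; the rule format and the sample policy are constructed for illustration."""

from itertools import permutations

# Services that should never be reachable from an untrusted zone without ZTNA and MFA in front.
REMOTE_ACCESS_PORTS = {3389: "RDP", 22: "SSH", 445: "SMB", 5900: "VNC", 23: "Telnet", 5985: "WinRM"}
# Zones whose traffic must not get direct remote-access reach into the LAN (assumed zone names).
UNTRUSTED_ZONES = {"WAN", "VPN", "GUEST"}
ZONES = ["WAN", "LAN", "DMZ", "IOT", "VPN"]

# Constructed sample policy. "dnat" rules are port-forwards; "policy" rules are zone-to-zone.
SAMPLE_POLICY = [
    {"name": "fileserver-rdp-fwd", "type": "dnat",   "from_zone": "WAN", "to_zone": "LAN", "src": "any",       "dst_port": 3389,  "action": "allow"},
    {"name": "web-fwd",            "type": "dnat",   "from_zone": "WAN", "to_zone": "DMZ", "src": "any",       "dst_port": 443,   "action": "allow"},
    {"name": "vpn-rdp",            "type": "policy", "from_zone": "VPN", "to_zone": "LAN", "src": "any",       "dst_port": 3389,  "action": "allow"},
    {"name": "lan-to-dmz-any",     "type": "policy", "from_zone": "LAN", "to_zone": "DMZ", "src": "any",       "dst_port": "any", "action": "allow"},
    {"name": "iot-to-lan-deny",    "type": "policy", "from_zone": "IOT", "to_zone": "LAN", "src": "any",       "dst_port": "any", "action": "deny"},
    {"name": "lan-to-iot-mgmt",    "type": "policy", "from_zone": "LAN", "to_zone": "IOT", "src": "10.0.10.5", "dst_port": 443,   "action": "allow"},
]


def lint_policy(rules, zones=ZONES, default_action="deny"):
    """Return findings as (rule_or_zone_pair, severity, message) tuples, in rule order."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue  # deny rules are what we want; only allows can create exposure
        port, name = r["dst_port"], r["name"]
        # Item 4: remote-access service (or everything) reachable from an untrusted zone.
        if r["from_zone"] in UNTRUSTED_ZONES and (port in REMOTE_ACCESS_PORTS or port == "any"):
            service = REMOTE_ACCESS_PORTS.get(port, "all services")
            findings.append((name, "high",
                             f"{service} reachable from {r['from_zone']} into {r['to_zone']}; "
                             "remove the rule or publish the host through ZTNA with MFA"))
        # Item 1: any source to any port across a zone boundary defeats segmentation.
        if port == "any" and r["src"] == "any" and r["from_zone"] != r["to_zone"]:
            findings.append((name, "medium",
                             f"any/any from {r['from_zone']} to {r['to_zone']} defeats segmentation; "
                             "restrict to the required hosts and services"))
    # Segmentation coverage: zone pairs with no explicit rule fall through to the default
    # action, which is only safe when that default is deny.
    if default_action != "deny":
        covered = {(r["from_zone"], r["to_zone"]) for r in rules}
        for src_zone, dst_zone in permutations(zones, 2):
            if (src_zone, dst_zone) not in covered:
                findings.append((f"{src_zone}->{dst_zone}", "high",
                                 "no explicit rule and the default action is allow"))
    return findings


if __name__ == "__main__":
    for target, severity, message in lint_policy(SAMPLE_POLICY):
        print(f"{severity.upper():6} {target}: {message}")
```

On the sample policy the linter flags the WAN port-forward to RDP and the VPN-to-LAN RDP rule as high, and the LAN-to-DMZ any/any rule as medium; the HTTPS forward to the DMZ and the single-host management rule pass. Note that RDP over a flat VPN is flagged on purpose: the article’s point is that remote access should not land a device on the network at all.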

5. Keep your firmware and software patched and up-to-date
This is important both for your network infrastructure (such as your firewall and your remote-access software or clients) and for your systems, since updates routinely include security patches for previously discovered vulnerabilities.

6. Use multi-factor authentication (MFA)
Ensure your network operates on a zero-trust model in which every user and device has to continually earn trust by verifying its identity. Also enforce a strong password policy, and consider adopting phishing-resistant authentication such as Windows Hello for Business or FIDO2 security keys.

7. Instantly respond to cyberattacks
Use automation technologies and human expertise to accelerate cyber incident response and remediation. Ensure your network security infrastructure helps you automatically respond to active attacks so you can isolate a compromised host before it can cause serious damage.

An increasingly popular way to achieve this is via a managed detection and response (MDR) service. MDR is a fully managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent. To learn more on the benefits of MDR, read our article here.